Towards the end of 2015, Continuity Central undertook a survey around the trends and challenges facing the organisation and business continuity management (BCM). More than 80 percent of respondents were from large enterprises and 86 percent of these expected to see significant change in 2016. In South Africa, a 2015 Metrofile Information and Records Management Trends Index found that the number of organisations with a BC and disaster recovery plan (DRP) in place rose from 60 percent to 69 percent over a period of 12 months. The times, as they say, are a-changing and it looks like the South African organisation is getting ready to roll with it...
"Two thirds of local businesses, around 69 percent, have been affected by a business interruption over the past 12 months, such as power outages, natural disasters or public unrest," says Greg Comline, GM of Global Continuity South Africa. "In light of this, it's reassuring to see a significant improvement in the amount of companies that have a BC and DRP in place, which shows that more businesses are beginning to understand their importance."
Some clear trends have emerged in the BCM space over the past few years. One of the most significant is the shift in priority internally and buy-in from the C-suite. The KPMG Global Business Continuity Management Program benchmarking study found that 71 percent of organisations had a senior management advisory or steering committee in place, up from 65 percent in 2012 and that the CEO, COO and CIO are taking the lead when it comes to C-level BCM reporting responsibility. Having high-level engagement is vital to the success of any BCM strategy as it ensures greater adoption and investment.
Remove the silo
"Businesses can no longer function in departmental silos when it comes to BCM," says Albe Gouws, GM, Technical Services, Redstor. "Risk managers have to evaluate the business as a single entity and develop integrated plans. The days of the IT department pushing business continuity or disaster recovery have passed."
BCM is evolving as rapidly as the industries around it. To benefit from any implementation, the organisation has to ensure that it is capable of addressing an array of challenges such as natural disasters, technology and man-made incidents, to name a few. It also has to remain aligned to the organisation's strategic goals.
"Significant business and technology changes need to be assessed by the enterprise from many perspectives, including impact on existing processes, associated risk and how technology changes can be leveraged to improve continuity capabilities," says Neil Cosser, Identity and Data Protection manager for Africa at Gemalto. "The way we do business has changed dramatically in the past decade and the need for mobility and efficiency means that most of the enterprise data nowadays is stored on the cloud and accessed in multiple places and from multiple devices. But the lack of physical control, or defined entrance and exit points, brings a whole host of security issues, including data breaches, data leakage and unauthorised access. So how can businesses best protect their assets in the cloud?"
A top priority
Cosser raises a valid point, one that begs the question - what projects should organisations concentrate on to ensure a seamless installation and robust results? According to Brendan Widlake, Business Development executive at Stratus Technologies, the first priority should be to keep business-critical elements up and running.
Heino Gevers, Customer Success manager at Mimecast, adds: "It varies based on the organisation and its core components. The challenge for organisations is deciding on a service that is best suited to their specific needs and most have core components so customised, they must invest in a bespoke service."
Businesses can no longer function in departmental silos.
Albe Gouws, Redstor
Of course, a bespoke service brings about a bespoke cost and the business has to assess what can be done within a specific budget and what is the most important. This has driven the growth of two other trends - cloud and compliance. Cloud can potentially check the boxes of cost and capability, and focusing on compliance can give the business some breathing space before it invests even further into a BCM solution. Ultimately, the business can save cost in the long term with a robust BCM strategy in place, but needs to adjust its expectations in terms of implementation.
"To be efficient, BCM must follow the trends and adapt to the latest technologies on the market," says Cosser. "Emerging technologies such as BYOD, cloud and virtualisation can bring more efficiency to BCM programmes and more reactivity when it comes to handling a crisis. However, to realise these objectives, CIOs need to first address new risks introduced through the adoption of new technologies to minimise negative impacts and maximise benefits."
BCM in numbers
* 59% of organisations experienced severe weather-related incidents in 2014 (KPMG)
* 37% of businesses had an IT-related issue affect processes over one year (KPMG)
* 38% of organisations with a steering committee completely met their recovery time objectives versus 21% without a committee (KPMG)
* 86% of organisations had to use a recovery plan within the past 24 months (Gartner)
* 20% of organisations saw post-incident losses of up to $5 million (Disaster Recovery Preparedness Council)
* 60% of companies that lose their data will shut down within six months (Disaster Recovery Council)
* 60% of disasters are down to human error (Disaster Recovery Benchmark)
* 36% of companies want DR but can't afford it (infrascale)
A crystal ball
We ask the experts what changes need to be made by the business in order to thrive in complex economic times and what they need to look out for before implementing a BCM strategy.
Sven Blom, head of Sales, Teraco: "The significant issue today is that data is no longer just a set of random numbers, but more a company's asset. This means that it goes beyond system recovery and becomes more about business and data continuity. Understanding which parts of the strategy can be outsourced in order to improve costs and assist with future planning will be key to any BCM/DR strategy."
Significant business and technology changes need to be assessed by the enterprise from many perspectives.
Neil Cosser, Gemalto
Neil Cosser, Identity and Data Protection manager for Africa, Gemalto: "Results of a recent study we conducted in ten countries (including South Africa) with Vanson Bourne among CIOs and IT managers show that we're not `there yet' when it comes to mobility and security. Although IT departments are going through major transformation, organisations around the world are still failing to meet demands for greater mobility. South Africa is no exception. Almost 96 percent of South African IT managers recognise the importance of enabling mobility in their work practices."
Albe Gouws, GM, Technical Services, Redstor: "Any risk-associated planning should be regularly reviewed, tested and improved. Unfortunately, business continuity plans are not reviewed as often, usually only after a failed test or an actual disaster. Real life doesn't work that way. This needs to be addressed by simplifying existing plans, making use of cloud technologies and regular testing of the process and improving on it each time."
Bradley Janse van Rensburg: CTO, ContinuitySA: "BCM is a journey rather than an event, and when any organisation begins putting a BCM programme into operation, it typically does not understand what it's taking on. At the inception of the project, it's probably worth articulating its scope, size and importance, as well as identifying some quick wins. It's also important to assign the right resource to run a project of this magnitude and complexity."
This article was first published in the [April 2016] edition of ITWeb Brainstorm magazine. To read more, go to the Brainstorm website.
Share